PageRenderTime 25ms CodeModel.GetById 9ms app.highlight 13ms RepoModel.GetById 1ms app.codeStats 0ms

/crypto/heimdal/kadmin/mod.c

https://bitbucket.org/freebsd/freebsd-head/
C | 263 lines | 199 code | 32 blank | 32 comment | 45 complexity | 3013d2f36c60591992d978059599aeae MD5 | raw file
  1/*
  2 * Copyright (c) 1997 - 2006 Kungliga Tekniska Hรถgskolan
  3 * (Royal Institute of Technology, Stockholm, Sweden).
  4 * All rights reserved.
  5 *
  6 * Redistribution and use in source and binary forms, with or without
  7 * modification, are permitted provided that the following conditions
  8 * are met:
  9 *
 10 * 1. Redistributions of source code must retain the above copyright
 11 *    notice, this list of conditions and the following disclaimer.
 12 *
 13 * 2. Redistributions in binary form must reproduce the above copyright
 14 *    notice, this list of conditions and the following disclaimer in the
 15 *    documentation and/or other materials provided with the distribution.
 16 *
 17 * 3. Neither the name of the Institute nor the names of its contributors
 18 *    may be used to endorse or promote products derived from this software
 19 *    without specific prior written permission.
 20 *
 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 31 * SUCH DAMAGE.
 32 */
 33
 34#include "kadmin_locl.h"
 35#include "kadmin-commands.h"
 36
 37static void
 38add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
 39{
 40    krb5_tl_data *tl, **ptl;
 41
 42    tl = ecalloc(1, sizeof(*tl));
 43    tl->tl_data_next = NULL;
 44    tl->tl_data_type = KRB5_TL_EXTENSION;
 45    tl->tl_data_length = data->length;
 46    tl->tl_data_contents = data->data;
 47
 48    princ->n_tl_data++;
 49    ptl = &princ->tl_data;
 50    while (*ptl != NULL)
 51	ptl = &(*ptl)->tl_data_next;
 52    *ptl = tl;
 53
 54    return;
 55}
 56
 57static void
 58add_constrained_delegation(krb5_context contextp,
 59			   kadm5_principal_ent_rec *princ,
 60			   struct getarg_strings *strings)
 61{
 62    krb5_error_code ret;
 63    HDB_extension ext;
 64    krb5_data buf;
 65    size_t size = 0;
 66
 67    memset(&ext, 0, sizeof(ext));
 68    ext.mandatory = FALSE;
 69    ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;
 70
 71    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
 72	ext.data.u.allowed_to_delegate_to.val = NULL;
 73	ext.data.u.allowed_to_delegate_to.len = 0;
 74    } else {
 75	krb5_principal p;
 76	int i;
 77
 78	ext.data.u.allowed_to_delegate_to.val =
 79	    calloc(strings->num_strings,
 80		   sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
 81	ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
 82
 83	for (i = 0; i < strings->num_strings; i++) {
 84	    ret = krb5_parse_name(contextp, strings->strings[i], &p);
 85	    if (ret)
 86		abort();
 87	    ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
 88	    if (ret)
 89		abort();
 90	    krb5_free_principal(contextp, p);
 91	}
 92    }
 93
 94    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
 95		       &ext, &size, ret);
 96    free_HDB_extension(&ext);
 97    if (ret)
 98	abort();
 99    if (buf.length != size)
100	abort();
101
102    add_tl(princ, KRB5_TL_EXTENSION, &buf);
103}
104
105static void
106add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
107	    struct getarg_strings *strings)
108{
109    krb5_error_code ret;
110    HDB_extension ext;
111    krb5_data buf;
112    krb5_principal p;
113    size_t size = 0;
114    int i;
115
116    memset(&ext, 0, sizeof(ext));
117    ext.mandatory = FALSE;
118    ext.data.element = choice_HDB_extension_data_aliases;
119    ext.data.u.aliases.case_insensitive = 0;
120
121    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
122	ext.data.u.aliases.aliases.val = NULL;
123	ext.data.u.aliases.aliases.len = 0;
124    } else {
125	ext.data.u.aliases.aliases.val =
126	    calloc(strings->num_strings,
127		   sizeof(ext.data.u.aliases.aliases.val[0]));
128	ext.data.u.aliases.aliases.len = strings->num_strings;
129
130	for (i = 0; i < strings->num_strings; i++) {
131	    ret = krb5_parse_name(contextp, strings->strings[i], &p);
132	    ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
133	    krb5_free_principal(contextp, p);
134	}
135    }
136
137    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
138		       &ext, &size, ret);
139    free_HDB_extension(&ext);
140    if (ret)
141	abort();
142    if (buf.length != size)
143	abort();
144
145    add_tl(princ, KRB5_TL_EXTENSION, &buf);
146}
147
148static void
149add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,
150	       struct getarg_strings *strings)
151{
152    krb5_error_code ret;
153    HDB_extension ext;
154    krb5_data buf;
155    size_t size = 0;
156    int i;
157
158    memset(&ext, 0, sizeof(ext));
159    ext.mandatory = FALSE;
160    ext.data.element = choice_HDB_extension_data_pkinit_acl;
161    ext.data.u.aliases.case_insensitive = 0;
162
163    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
164	ext.data.u.pkinit_acl.val = NULL;
165	ext.data.u.pkinit_acl.len = 0;
166    } else {
167	ext.data.u.pkinit_acl.val =
168	    calloc(strings->num_strings,
169		   sizeof(ext.data.u.pkinit_acl.val[0]));
170	ext.data.u.pkinit_acl.len = strings->num_strings;
171
172	for (i = 0; i < strings->num_strings; i++) {
173	    ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
174	}
175    }
176
177    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
178		       &ext, &size, ret);
179    free_HDB_extension(&ext);
180    if (ret)
181	abort();
182    if (buf.length != size)
183	abort();
184
185    add_tl(princ, KRB5_TL_EXTENSION, &buf);
186}
187
188static int
189do_mod_entry(krb5_principal principal, void *data)
190{
191    krb5_error_code ret;
192    kadm5_principal_ent_rec princ;
193    int mask = 0;
194    struct modify_options *e = data;
195
196    memset (&princ, 0, sizeof(princ));
197    ret = kadm5_get_principal(kadm_handle, principal, &princ,
198			      KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
199			      KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
200			      KADM5_PRINC_EXPIRE_TIME |
201			      KADM5_PW_EXPIRATION);
202    if(ret)
203	return ret;
204
205    if(e->max_ticket_life_string ||
206       e->max_renewable_life_string ||
207       e->expiration_time_string ||
208       e->pw_expiration_time_string ||
209       e->attributes_string ||
210       e->kvno_integer != -1 ||
211       e->constrained_delegation_strings.num_strings ||
212       e->alias_strings.num_strings ||
213       e->pkinit_acl_strings.num_strings) {
214	ret = set_entry(context, &princ, &mask,
215			e->max_ticket_life_string,
216			e->max_renewable_life_string,
217			e->expiration_time_string,
218			e->pw_expiration_time_string,
219			e->attributes_string);
220	if(e->kvno_integer != -1) {
221	    princ.kvno = e->kvno_integer;
222	    mask |= KADM5_KVNO;
223	}
224	if (e->constrained_delegation_strings.num_strings) {
225	    add_constrained_delegation(context, &princ,
226				       &e->constrained_delegation_strings);
227	    mask |= KADM5_TL_DATA;
228	}
229	if (e->alias_strings.num_strings) {
230	    add_aliases(context, &princ, &e->alias_strings);
231	    mask |= KADM5_TL_DATA;
232	}
233	if (e->pkinit_acl_strings.num_strings) {
234	    add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
235	    mask |= KADM5_TL_DATA;
236	}
237
238    } else
239	ret = edit_entry(&princ, &mask, NULL, 0);
240    if(ret == 0) {
241	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
242	if(ret)
243	    krb5_warn(context, ret, "kadm5_modify_principal");
244    }
245
246    kadm5_free_principal_ent(kadm_handle, &princ);
247    return ret;
248}
249
250int
251mod_entry(struct modify_options *opt, int argc, char **argv)
252{
253    krb5_error_code ret = 0;
254    int i;
255
256    for(i = 0; i < argc; i++) {
257	ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
258	if (ret)
259	    break;
260    }
261    return ret != 0;
262}
263